
Project

Secure and Privacy-Preserving Biometric Systems

This thesis focuses on the analysis and design of secure and privacy-preserving biometric deployments. The widespread use of biometric-based architectures for the identification and authentication of individuals raises many concerns due to the collection of personal data. Privacy principles and security recommendations recognize biometrics as highly sensitive information that can be abused and thus must be protected. The approaches that have been proposed depend on the type and the number of the underlying biometric features, such as face, fingerprint or iris, and on whether the scheme is multi-factor or multibiometric. Additionally, the targeted use-cases, for instance government or financial services, and the infrastructure of the applications (local or online models) play an important role in the effectiveness of a proposed mechanism. This makes the evaluation of practical, accurate and reliable countermeasures to address the security and privacy issues in biometric architectures a challenging task.

Firstly, we analyze why the designs with multiple biometric modalities have attracted attention in high security-demanding schemes. We discuss whether multimodal recognition can overcome the limitations of traditional unimodal and multi-factor techniques. We analyze the increase of user identification precision and reliability by extending the space of biometric features. We address the concept of biometric integration and we describe the difficulties in selecting a convenient fusion model. We also investigate the impact of performance metrics on the robustness of fusion strategies.

Secondly, we describe the risks of the extraction, storage and processing of biometric data. We analyze why biometrics have been seen intrinsically as privacy's foe. We define the terms of privacy and security for biometric schemes. We study the current cryptographic approaches, clarifying to which extent they can be characterized as Privacy Enhancing Technologies. Additionally, we compare and evaluate their advantages and limitations in relation to the existing security regulations and privacy principles of the legal biometric data protection framework applicable in the European Union.

Thirdly, we carry out an analysis of the vulnerabilities of biometric features to attacks. Mainly driven by government services and the biometric electronic passports that are currently used in many countries, we emphasize data-identity fraud, mostly known as spoofing. We identify the cryptographic tools to enhance the security of biometric data used in ePassport identification documents. Motivated by the functionality of eGates at immigration checkpoints in arrival halls of airports, we design a bimodal biometric anti-spoofing verification system. Our architecture leverages the technique of crypto-biometrics for the secure storage of biometric data in the chip of the ePassport and a liveness detection method as a countermeasure to detect and avert spoofing attempts during automated checking processes.

Fourthly, we investigate the security and privacy concerns of biometric authentication schemes in services of the financial sector. We assess the feasibility of the technique of pseudonymous biometric identities as a privacy-preserving approach. Several advantages are demonstrated and some limitations are derived. Subsequently, we design a biometric authentication model for mobile electronic financial applications. We evaluate how the privacy requirements and the security recommendations for the processing of biometric data can be met in our scenario. Moreover, we identify the ways of developing privacy-by-design biometric-based eFinance architectures.

Finally, we investigate the necessity for highly accessible, scalable and secure biometric deployments. In addition to the popularity of mobile devices, we study whether the remote computation environment of a cloud can provide improved biometric identity management possibilities. We introduce a secure architecture for multimodal user authentication designed to function as an expert system, using stored unimodal biometrics held by cloud-based identity providers. We present a complete analysis of privacy threats associated with this infrastructure. For user multimodal recognition, we exploit a user-specific weighted score level fusion method. We also propose, implement and evaluate decentralized privacy-preserving protocols. In contrast to the existing literature and to the best of our knowledge, we are the first to design a novel, less invasive approach for multimodal authentication, avoiding an auxiliary enrollment of the user and preventing any storage of private information. It is assessed as a convenient solution that restricts misuse of sensitive data, and it is characterized by dynamic functionality and adaptability.

To conclude, biometric systems are gaining ground globally. Achieving effective and privacy-aware means of authentication has been a long-recognized issue of biometric security. In this thesis, we provide a comprehensive analysis and a critical evaluation of countermeasures and present solutions that can serve as a framework for future applications.

 

Date: 1 Oct 2012 → 23 Nov 2018
Keywords: Biometrics, Security, Privacy, Cryptography, Access Control, Identity Management, Fusion
Disciplines: Modelling, Multimedia processing, Computer hardware, Computer theory, Scientific computing, Other computer engineering, information technology and mathematical engineering, Applied mathematics in specific fields, Computer architecture and networks, Distributed computing, Information sciences, Information systems, Programming languages, Theoretical computer science, Visual computing, Other information and computing sciences, Bioinformatics and computational biology, Public health care, Public health services
Project type: PhD project